R3 is in early development (pre-1.0). Security fixes are applied to the main
branch and the latest tagged release. Until a 1.0 release, only the most recent
version is supported.

Please report security vulnerabilities privately — do not open a public GitHub issue.
- Preferred: use GitHub's private vulnerability reporting ("Report a vulnerability" under the repository's Security tab).
- Alternatively, email eugene@amberpixels.io with the details.

Please include:
- A description of the issue and its potential impact.
- Steps to reproduce (a minimal proof of concept is ideal).
- The affected version, commit, or branch.

What to expect:
- We aim to acknowledge reports within a few business days.
- We'll work with you to confirm the issue, assess impact, and prepare a fix.
- Once a fix is released, we're happy to credit you in the advisory unless you'd prefer to remain anonymous.

Thank you for helping keep R3 and its users safe.